[ntp:security] Security Vulnerability Notification in NTP daemon

Fergal Glynn FGlynn at Veracode.com
Thu Feb 26 15:36:28 UTC 2009



We will talk to you at 12 on Friday. Conf bridge ID and internet meeting
URL details are below **.


I'm sorry but the 4.2.4p5 scan won't be finished before the call. After
reviewing the results we ask the project to mitigate the flaws and
resubmit the application for an additional scan. The results of this
scan will be released to our customer. We should decide tomorrow what
version will be best to scan next.


Talk to you tomorrow,





**Meeting details


Dial-in:                 888-272-7337

International:   +1-303-928-2688

Conf ID:                2303739


Fergal Glynn has invited you to attend an online meeting using Live
Join the meeting.


Copy this address and paste it into your web browser: 

Copy and paste the required information: 
Meeting ID: F72JMB 
Entry Code: tnnF^{5






-----Original Message-----
From: Harlan Stenn [mailto:stenn at ntp.org] 
Sent: Thursday, February 26, 2009 1:14 AM
To: Fergal Glynn
Cc: Harlan Stenn; security at ntp.org
Subject: Re: [ntp:security] Security Vulnerability Notification in NTP


Hi Fergal,


> I'm glad you accessed the results. Can we try and do a quick call
> in the week? I'd like to get your input on our analysis and discuss
> scanning a newer build. In terms of acknowledging Veracode's efforts,
> would like to get your rating up to an A and then do a joint

> Does Friday at 3 work?  That would be 12 noon your time?


Yes, that will be fine.  Is there a chance the scan of 4.2.4p5 will be
finished by then?

I'm hoping to release 4.2.6 soon, and that will come from the latest
ntp-dev code.  How difficult would it be to get that code scanned?




